pulumi-aws-native-kotlin/com.pulumi.awsnative.s3.kotlin.outputs/BucketServerSideEncryptionByDefault

BucketServerSideEncryptionByDefault

data class BucketServerSideEncryptionByDefault(val kmsMasterKeyId: String? = null, val sseAlgorithm: BucketServerSideEncryptionByDefaultSseAlgorithm)

Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption. + General purpose buckets - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (`aws/s3`) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.

  • Directory buckets - Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The managed key (`aws/s3`) isn't supported.

  • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.

Constructors

Link copied to clipboard
constructor(kmsMasterKeyId: String? = null, sseAlgorithm: BucketServerSideEncryptionByDefaultSseAlgorithm)

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
val kmsMasterKeyId: String? = null

AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + General purpose buckets - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse`.

Link copied to clipboard
val sseAlgorithm: BucketServerSideEncryptionByDefaultSseAlgorithm

Server-side encryption algorithm to use for the default encryption. For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms`.